#!/usr/bin/bash
#
# ai-service-action -- Start/stop/restart/reload a systemd service.
# Used by the BlueOnyx AI agent for write operations (requires admin confirmation).
#
set -e

PATH=/bin:/usr/bin:/usr/local/bin
SUDO=/usr/bin/sudo

# --- Usage ----------------------------------------------------------------
usage() {
    echo "Usage: $(basename "$0") <service-name> <start|stop|restart|reload>" >&2
    exit 1
}

# --- Args ----------------------------------------------------------------
if [ $# -ne 2 ]; then
    usage
fi

SERVICE="$1"
ACTION="$2"

# Validate action
case "$ACTION" in
    start|stop|restart|reload) ;;
    *) echo "ERROR: Invalid action '$ACTION'. Must be start, stop, restart, or reload." >&2
       usage
       ;;
esac

# Known safe services -- only these can be managed
ALLOWED_SERVICES="
httpd nginx dovecot postfix proftpd named mariadb mysql
clamd spamassassin cron rsyslog sshd
sausalito-cce sausalito-cced sausalito-ai sausalito-llama
base-apache base-php base-mail base-dns base-www
"

if ! echo "$ALLOWED_SERVICES" | grep -qF "$SERVICE"; then
    # Also allow anything starting with base- (BlueOnyx module services)
    if [[ "$SERVICE" != base-* ]]; then
        echo "ERROR: Service '$SERVICE' is not in the allowed list." >&2
        exit 1
    fi
fi

# Check service exists
if ! systemctl list-unit-files --quiet "${SERVICE}.service" 2>/dev/null; then
    echo "ERROR: Service '${SERVICE}.service' not found." >&2
    exit 1
fi

# Execute via sudo (password handled separately by the agent confirmation flow)
$SUDO /usr/bin/systemctl "$ACTION" "${SERVICE}.service"
exit $?

# 
# Copyright (c) 2008-2026 Michael Stauber, SOLARSPEED.NET
# Copyright (c) 2008-2026 Team BlueOnyx, BLUEONYX.IT
# All Rights Reserved.
# 
# 1. Redistributions of source code must retain the above copyright 
#    notice, this list of conditions and the following disclaimer.
# 
# 2. Redistributions in binary form must reproduce the above copyright 
#    notice, this list of conditions and the following disclaimer in 
#    the documentation and/or other materials provided with the 
#    distribution.
# 
# 3. Neither the name of the copyright holder nor the names of its 
#    contributors may be used to endorse or promote products derived 
#    from this software without specific prior written permission.
# 
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
# POSSIBILITY OF SUCH DAMAGE.
# 
# You acknowledge that this software is not designed or intended for 
# use in the design, construction, operation or maintenance of any 
# nuclear facility.
# 
